
Security Intermediate

What is RBAC (Role-Based Access Control)?

An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.

RBAC simplifies permission management. Instead of assigning 50 permissions to each of 100 users, you create roles (Admin, Editor, Viewer) with appropriate permissions and assign users to roles. Changing a role updates all users with that role.

RBAC supports role hierarchies (Admin inherits Editor permissions), separation of duties (no single role has all power), and auditing for compliance. Most applications implement RBAC: database systems, cloud platforms (AWS IAM roles), and web frameworks.
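The following Python engine is an added example, not code from the original glossary page or from any named product, showing the three ideas above in working form: permissions attached to roles rather than users, a role hierarchy resolved by inheritance, and a separation-of-duties constraint that rejects conflicting assignments. The role names, permission strings and user names are constructed for illustration; the `Admin`/`Auditor` exclusion is an assumed policy, not one the page states.

```python
"""Minimal RBAC engine: roles, role hierarchy, separation of duties, audit."""
from collections import deque


class SeparationOfDutiesError(Exception):
    """Raised when a user would hold two roles declared mutually exclusive."""


class RBAC:
    """Permissions attach to roles, users attach to roles, roles may inherit
    from other roles, and pairs of roles may be declared mutually exclusive.
    (Constructed example engine, not a library API.)"""

    def __init__(self) -> None:
        self.role_perms: dict[str, set[str]] = {}      # role -> direct permissions
        self.role_parents: dict[str, set[str]] = {}    # role -> roles it inherits from
        self.user_roles: dict[str, set[str]] = {}      # user -> assigned roles
        self.exclusive: set[frozenset[str]] = set()    # mutually exclusive role pairs

    def add_role(self, role: str, permissions=(), inherits=()) -> None:
        for parent in inherits:
            if parent not in self.role_perms:
                raise KeyError(f"unknown parent role {parent!r}")
        self.role_perms[role] = set(permissions)
        self.role_parents[role] = set(inherits)

    def grant(self, role: str, permission: str) -> None:
        """Changing a role's permissions updates every user holding it."""
        self.role_perms[role].add(permission)

    def add_separation_of_duties(self, role_a: str, role_b: str) -> None:
        self.exclusive.add(frozenset((role_a, role_b)))

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset((role, other)) in self.exclusive:
                raise SeparationOfDutiesError(
                    f"{user} already holds {other!r}, which excludes {role!r}")
        held.add(role)

    def effective_roles(self, role: str) -> set[str]:
        """The role plus everything it inherits, transitively (cycle-safe)."""
        seen, queue = set(), deque([role])
        while queue:
            current = queue.popleft()
            if current in seen:
                continue
            seen.add(current)
            queue.extend(self.role_parents.get(current, ()))
        return seen

    def role_permissions(self, role: str) -> set[str]:
        perms: set[str] = set()
        for r in self.effective_roles(role):
            perms |= self.role_perms.get(r, set())
        return perms

    def user_permissions(self, user: str) -> set[str]:
        perms: set[str] = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions(role)
        return perms

    def is_allowed(self, user: str, permission: str) -> bool:
        return permission in self.user_permissions(user)

    def audit(self) -> dict[str, list[str]]:
        """Effective permissions per user, the view an auditor would review."""
        return {u: sorted(self.user_permissions(u)) for u in sorted(self.user_roles)}


def build_demo() -> RBAC:
    """Constructed sample policy mirroring the Viewer/Editor/Admin roles above."""
    rbac = RBAC()
    rbac.add_role("Viewer", {"doc:read"})
    rbac.add_role("Editor", {"doc:write"}, inherits=["Viewer"])
    rbac.add_role("Admin", {"user:manage"}, inherits=["Editor"])
    rbac.add_role("Auditor", {"audit:read"})
    # Assumed separation-of-duties rule: whoever manages users must not audit them.
    rbac.add_separation_of_duties("Admin", "Auditor")
    rbac.assign("alice", "Admin")
    rbac.assign("bob", "Editor")
    rbac.assign("carol", "Auditor")
    return rbac


if __name__ == "__main__":
    policy = build_demo()
    for user, perms in policy.audit().items():
        print(f"{user}: {perms}")
    try:
        policy.assign("alice", "Auditor")
    except SeparationOfDutiesError as exc:
        print("blocked:", exc)
```

Two design points matter in practice: `effective_roles` walks the inheritance graph with a visited set so a mis-configured cycle cannot hang the check, and the separation-of-duties test runs at assignment time, so the conflict is rejected before it can ever appear in the audit report.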

Related Terms

JWT (JSON Web Token)
A compact, self-contained token format used for securely transmitting information between parties as a JSON object.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
WAF (Web Application Firewall)
A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.